deploying ipv6 in openstack environments
play

Deploying IPv6 in OpenStack Environments Shannon McFarland - CCIE - PowerPoint PPT Presentation

Nov 30, 2022 •353 likes •872 views

Deploying IPv6 in OpenStack Environments Shannon McFarland - CCIE #5245 Distinguished Engineer Cloud Platform & Services Group @eyepv6 Agenda General OpenStack + IPv6 Stuff Tenant IPv6 Address Assignment: SLAAC, Stateless

  1. Deploying IPv6 in OpenStack Environments Shannon McFarland - CCIE #5245 Distinguished Engineer Cloud Platform & Services Group @eyepv6

  2. Agenda • General OpenStack + IPv6 Stuff • Tenant IPv6 • Address Assignment: SLAAC, Stateless DHCPv6, Stateful DHCPv6 • Provider Networks • IPv6 Only • IPv6 Prefix Delegation • IPv6 with Heat • IPv6 with L3 High-Availability • Next Time • Conclusion

  3. Reference Material • https://github.com/shmcfarl/my-heat-templates • https://github.com/shmcfarl/my-heat-templates/blob/master/new-v6-only- lbaasv2.yaml • Some posts with more details: http://www.debug-all.com/ • Tenant IPv6 Deployment: http://www.debug-all.com/?m=201505 • Tenant IPv6 Deployment using Heat: http://www.debug- all.com/?m=201506

  4. General OpenStack + IPv6 Stuff

  5. It’s The End Of The World As We Know It • IANA and RIRs are out or almost out of IPv4 addresses: • https://www.arin.net/knowledge/ipv6_info_center.html • https://www.ripe.net/publications/ipv6-info-centre • https://www.apnic.net/community/ipv6-program • http://afrinic.net/services/ipv6-programme • http://portalipv6.lacnic.net/en/ • It’s easy to get IPv6 addressing and the general deployment of IPv6 on your infrastructure is much easier to do than it used to be - no excuses not to do it

  6. The Hard Stuff – IPv6 + Cloud Inside of a Cloud stack you have a lot of moving parts and they all ride on IP: • API endpoints • Provisioning, Orchestration and Management services • Boatload of protocols and databases and high-availability components • Virtual networking services <> Physical networking • It has been a bumpy road to getting a solid IPv6 implementation in OpenStack • Most of the core IPv6 requirements are met except for IPv6 PD HA and IPv6-only Metadata (config-drive seems to • be good enough) Tenant IPv6 Address Assignment via: • SLAAC, Stateful DHCPv6, Stateless DHCPv6 • ipv6_ra_mode attribute - Control of router advertisements for a subnet • ipv6_address_mode attribute - Control of how addressing is handled by OpenStack • Two common approaches for IPv6 support: • Dual-Stack everything (Service Tier + Tenant Access Tier [Tenant management interface along with VM network access]) • Conditional Dual stack (Tenant Access Tier only – API endpoints & DBs are still IPv4) •

  7. Cloud Stack – IP Version Options Dual-Stack Everything Conditional Dual-Stack Service Tier/Control Service Tier/Control Tenant 2 Tenant Tenant 1 Plane Plane Access Tier Access Tier Access Tier VM Operating VM Operating VM Operating API endpoints IPv4 API endpoints IPv4/IPv6 IPv6 IPv4/IPv6 IPv4/IPv6 System System System IPv4 IPv4/IPv6 Database(s) Database(s) Virtual Virtual Virtual IPv6 IPv4/IPv6 IPv4/IPv6 Networking Networking Networking Automation IPv4 Automation IPv4/IPv6 (L2/L3) (L2/L3) (L2/L3) Virtual Virtual Virtual Interface Interface IPv6 IPv4/IPv6 Network Network Network IPv4/IPv6 IPv4/IPv6 IPv4/IPv6 (GUI, CLI) (GUI, CLI) Services Services Services (SLB/FW) (SLB/FW) (SLB/FW) Tenant Tenant Tenant IPv6 IPv4/IPv6 IPv4/IPv6 Interface Interface Interface (GUI, CLI) (GUI, CLI) (GUI, CLI)

  8. Tenant IPv6 Deployment

  9. Address Assignment: Neutron L3-Router - SLAAC, DHCPv6 Stateless, DHCPv6 Stateful

  10. Tenant IPv6 Address Options Don’t do this Tenant 1 = 2001:DB8:1::/48 Tenant 1 = 2001:DB8:1::/48 2001:420::/32 Tenant 2 = 2001:DB8:2::/48 Tenant 2 = 2001:DB8:2::/48 XLATE/Proxy :BAD:BEEF::/64 :DEAD:BEEF::/64 :1000::/64 :2000::/64 ULA Block/48 ULA Block/48 ::A ::A ::A ::A ::A ::A FDDE:50EE:79DA:1::/64 FD9C:58ED:7D73:1::/64 Web Web Web Web Web Web :DEAD:FACE::/64 :BAD:FACE::/64 Server Server Server Server Server Server :1001::/64 :2001::/64 ::1 ::1 ::1 ::1 ::1 ::1 ::2 ::2 ::2 ::2 ::2 ::2 App App App App App App Server Server Server Server Server Server Tenant 1 Tenant 2 Tenant 1 Tenant 2 Tenant 1 Tenant 2 Option 1 Option 2 Option 3 Cloud Provider-assigned Tenant Brings Addressing Prefix Translation Addressing

  11. Neutron Addressing Schemes Reference ipv6_ra_mode ipv6_address_mode Result Address Value SLAAC N/S Address using Neutron router Configuration N/S SLAAC Address using external router Flags Auto 1 SLAAC SLAAC Address using Neutron router Managed 0 ipv6_ra_mode ipv6_address_mode Result Other 0 DHCPv6- N/S Address using Neutron router and optional stateless information using external service Address Value N/S DHCPv6-stateless Address using external router and optional Configuration information using Neutron DHCP Flags implementation Auto 1 DHCPv6- DHCPv6-stateless Address and optional information using Managed 0 stateless Neutron router and DHCP implementation Other 1 respectively ipv6_ra_mode ipv6_address_mode Result Address Value DHCPv6-stateful N/S Address and optional information using Configuration external service Flags N/S DHCPv6-stateful Address and optional information using Auto 0 Neutron DHCP implementation Managed 1 DHCPv6-stateful DHCPv6-stateful Address and optional information using Other 1 Neutron DHCP implementation http://docs.openstack.org/mitaka/networking-guide/config-ipv6.html

  12. Tenant IPv6 - Neutron L3 Example

  13. Create the Public Network/Subnet neutron net-create public --router:external neutron subnet-create --name public-subnet --allocation-pool start=172.16.12.5, end=172.16.12.254 public 172.16.12.0/24 neutron subnet-create --ip-version=6 --name=public-v6-subnet --allocation-pool start=2001:db8:cafe:d::5, end=2001:db8:cafe:d:ffff:ffff:ffff:fffe --disable-dhcp public 2001:db8:cafe:d::/64 DC rtr IPv4: 172.16.12.0/24 IPv6: 2001:db8:cafe:d::/64 .5 ::5 Router

  14. 2001:db8:cafe:a::e SLAAC Mode DNS neutron net-create private DC neutron subnet-create --ip-version=6 --name=private_v6_subnet --ipv6-address-mode=slaac --ipv6-ra-mode=slaac private 2001:db8:cafe::/64 +-------------------+-----------------------------------------------------------------------------+ | Field | Value | IPv6: 2001:db8:cafe:d::/64 IPv4: 172.16.12.0/24 +-------------------+-----------------------------------------------------------------------------+ .5 ::5 | allocation_pools | {"start": "2001:db8:cafe::2", "end": "2001:db8:cafe:0:ffff:ffff:ffff:fffe"} | | cidr | 2001:db8:cafe::/64 | Router | dns_nameservers | | | enable_dhcp | True | | gateway_ip | 2001:db8:cafe::1 | .1 ::1 | host_routes | | | id | 42cc3dbc-938b-4ad6-b12e-59aef7618477 | | ip_version | 6 | IPv4: 10.0.0.0/24 IPv6: 2001:db8:cafe:0::/64 | ipv6_address_mode | slaac | | ipv6_ra_mode | slaac | | name | private_v6_subnet | Instance | network_id | 7166ce15-c581-4195-9479-ad2283193d06 | | subnetpool_id | | IPv4: 10.0.0.9 | tenant_id | f057804eb39b4618b40e06196e16265b | IPv6: 2001:db8:cafe:0:f816:3eff:fe79:5acc +-------------------+-----------------------------------------------------------------------------+

  15. 2001:db8:cafe:a::e Router Example DNS neutron router-create private-router DC neutron router-gateway-set private-router public neutron router-interface-add private-router private-v4-subnet IPv6: 2001:db8:cafe:d::/64 IPv4: 172.16.12.0/24 .5 ::5 neutron router-interface-add private-router private-v6-subnet Router .1 ::1 IPv4: 10.0.0.0/24 IPv6: 2001:db8:cafe:0::/64 Instance IPv4: 10.0.0.9 IPv6: 2001:db8:cafe:0:f816:3eff:fe79:5acc

  16. SLAAC Mode Info • OpenStack will not inject the IPv6 DNS entry from the subnet dns_nameservers entry • Options • Manually setting the IPv6 DNS server entry in the resolv.conf file allows for correct IPv6-based name resolution • Bake DNS settings into your image • Cloud-init to inject the DNS configuration • You do get A and AAAA records back over IPv4 transport • Basically, it works as it should

Recommend

Best Practices for Deploying OpenStack Trove: An Inside look at Database as a Service Architecture

Best Practices for Deploying OpenStack Trove: An Inside look at Database as a Service Architecture

Best Practices for Deploying OpenStack Trove: An Inside look at Database as a Service Architecture OpenStack Summit at Barcelona, October 2016 Who are we? Sriram Kalyanasundaram, Director Implementations Tesora Inc. OpenStack Summit

812 views • 23 slides
CIRAs experience in deploying IPv6 Canadian Internet

CIRAs experience in deploying IPv6 Canadian Internet

CIRAs experience in deploying IPv6 Canadian Internet Registra9on Authority (CIRA) Jacques Latour Director, Informa9on Technology Singapore, June 20, 2011

356 views • 19 slides
Deploying OpenStack What options do we have? Agenda Introduction Deployment projects

Deploying OpenStack What options do we have? Agenda Introduction Deployment projects

01.05.2019 Deploying OpenStack What options do we have? Agenda Introduction Deployment projects LCM projects Commercial offerings Summary Preconditions Use case Lifecycle management POC, private cloud, public

380 views • 19 slides
Deploying IPv6 in Fixed and Mobile Broadband Access Networks

Deploying IPv6 in Fixed and Mobile Broadband Access Networks

Deploying IPv6 in Fixed and Mobile Broadband Access Networks Toms Lynch Ericsson Jordi Palet Mar8nez Consulintel Ariel Weher LACNOG

1.38k views • 127 slides
IANA IPV6 Workshop A View From the Trenches (Some thoughts on IPV6 deployment in enterprise and

IANA IPV6 Workshop A View From the Trenches (Some thoughts on IPV6 deployment in enterprise and

IANA IPV6 Workshop A View From the Trenches (Some thoughts on IPV6 deployment in enterprise and ISP networks) Joel Jaeggli Nokia This talk is focused on the issues faced by network operators in deploying IPV6 Most of these observations are

548 views • 50 slides
Guaranteeing Performance in High- Density OpenStack Environments Endre Sara VP of Dev

Guaranteeing Performance in High- Density OpenStack Environments Endre Sara VP of Dev

Guaranteeing Performance in High- Density OpenStack Environments Endre Sara VP of Dev @VMTurbo 1 OpenStack Workload Management Challenges Limited workload scheduler Lack of real-time control VM placement decisions are static and

203 views • 9 slides
Lessons Learned in Deploying OpenStack for HPC Users Graham T. Allan Edward Munsell Evan F.

Lessons Learned in Deploying OpenStack for HPC Users Graham T. Allan Edward Munsell Evan F.

Lessons Learned in Deploying OpenStack for HPC Users Graham T. Allan Edward Munsell Evan F. Bollig Minnesota Supercomputing Institute Stratus: A Private Cloud for HPC Users Project Goals Fill gaps in HPC service offerings HPC-like

580 views • 35 slides
Lessons learned from deploying SUSE OpenStack Cloud and Enterprise Storage in the Public Cloud

Lessons learned from deploying SUSE OpenStack Cloud and Enterprise Storage in the Public Cloud

Lessons learned from deploying SUSE OpenStack Cloud and Enterprise Storage in the Public Cloud TUT1224 Thursday, April 04, 03:15 PM - 04:15 PM | Belmont 1 Friday, April 05, 10:15 AM - 11:15 AM | Belmont 2 Mike Friesenegger Solution Architect

683 views • 35 slides
Hyper-scaling on Openstack with Open Source tooling A use case in deploying hyper-scale grid

Hyper-scaling on Openstack with Open Source tooling A use case in deploying hyper-scale grid

Hyper-scaling on Openstack with Open Source tooling A use case in deploying hyper-scale grid computing on Open Telekom Cloud Why Open Source? Open Open Design Open Choice Standards Community Lead Contributor Model No-Lock in Cloud Design

416 views • 14 slides
Telekom Malaysia Global IPv6 Summit , Taiwan 13 th December 2016 Azura Mat Salim Network

Telekom Malaysia Global IPv6 Summit , Taiwan 13 th December 2016 Azura Mat Salim Network

IPv6 Deployment in Telekom Malaysia Global IPv6 Summit , Taiwan 13 th December 2016 Azura Mat Salim Network Architecture &amp; Technology Planning Telekom Malaysia Agenda o About TM o The Journey o The Importance of Deploying IPv6 o General

461 views • 13 slides
Self-service virtual environments at Deutsche Telekom based on OpenStack Alexander Stellwag

Self-service virtual environments at Deutsche Telekom based on OpenStack Alexander Stellwag

Self-service virtual environments at Deutsche Telekom based on OpenStack Alexander Stellwag Deutsche Telekom AG Products &amp; Innovation Agenda Introduction Short History Of Wolke-7 Planning and Setup Virtual Private

481 views • 16 slides
IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer

IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer

Outline IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer Science and IPv6 Autoconfiguration Institute of Communications Engineering National Tsing Hua University jcchen@cs.nthu.edu.tw

783 views • 11 slides
What is OpenStack ? Hello! I am Thierry Carrez I work for the OpenStack Foundation. You can

What is OpenStack ? Hello! I am Thierry Carrez I work for the OpenStack Foundation. You can

What is OpenStack ? Hello! I am Thierry Carrez I work for the OpenStack Foundation. You can find me at @tcarrez on Twitter And ttx on IRC No, really What is OpenStack ? An open source project A common goal A coalition of

672 views • 33 slides
Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6

Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6

Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6 Global allocations by RIR APNIC 337 21% RIPENCC 737 45% ARIN 438 LACNIC AFRINIC 27% 87 37 5% 2% Unit: IPv6 pref i x 3 IPv6

603 views • 24 slides
IPv6 Ready Logo Aiding IPv6 Deployment Timothy Winters LACNIC 27 May 2017 IPv6 Forums IPv6

IPv6 Ready Logo Aiding IPv6 Deployment Timothy Winters LACNIC 27 May 2017 IPv6 Forums IPv6

IPv6 Ready Logo Aiding IPv6 Deployment Timothy Winters LACNIC 27 May 2017 IPv6 Forums IPv6 Ready Logo Goal 2001-Present: Conformance and Interoperability test program intended to increase user confidence and promote IPv6 deployment.

403 views • 11 slides
Deploying a baremetal cloud is hard Julia Kreger Open Source Developer Advocate IBM Twitter:

Deploying a baremetal cloud is hard Julia Kreger Open Source Developer Advocate IBM Twitter:

Deploying a baremetal cloud is hard Julia Kreger Open Source Developer Advocate IBM Twitter: @ashinclouds OpenStack Summit Sydney Email: juliaashleykreger@gmail.com November 6th, 2017 A little about me! Ironic contributor since early 2015.

733 views • 47 slides
Get a Python job, Work on OpenStack ! about:me Release Manager for OpenStack Chair of

Get a Python job, Work on OpenStack ! about:me Release Manager for OpenStack Chair of

Get a Python job, Work on OpenStack ! about:me Release Manager for OpenStack Chair of OpenStack Technical Committee Python Software Foundation member ttx @ tcarrez @ Cloud ? Buzzword Infrastructure as a service Compute,

700 views • 28 slides
BUILD YOUR FIRST OPENSTACK APPLICATION WITH OPENSTACK PYTHONSDK VICTORIA MARTINEZ DE LA CRUZ

BUILD YOUR FIRST OPENSTACK APPLICATION WITH OPENSTACK PYTHONSDK VICTORIA MARTINEZ DE LA CRUZ

BUILD YOUR FIRST OPENSTACK APPLICATION WITH OPENSTACK PYTHONSDK VICTORIA MARTINEZ DE LA CRUZ SOFTWARE ENGINEER AT RED HAT CO-FOUNDER LINUXCHIX ARGENTINA WHAT IS OPENSTACK? BRIEF OVERVIEW OPENSTACK OVERVIEW IAAS... AND MORE! + RUNNING

548 views • 36 slides
Lessons Learned: Deploying Microservices Software Product in Customer Environments Mark Galpin,

Lessons Learned: Deploying Microservices Software Product in Customer Environments Mark Galpin,

Lessons Learned: Deploying Microservices Software Product in Customer Environments Mark Galpin, Solution Architect, JFrog, Inc. Whos speaking? Mark Galpin Solution Architect @jfrog magalpin Microservices are Cool But what about

709 views • 24 slides
Future of OpenStack Looking Forward to 2019 Alan.Clark@suse.com What and Why OpenStack

Future of OpenStack Looking Forward to 2019 Alan.Clark@suse.com What and Why OpenStack

Future of OpenStack Looking Forward to 2019 Alan.Clark@suse.com What and Why OpenStack OpenStack is an open source software platform for cloud computing. Mostly deployed as infrastructure-as-a-service (IaaS), whereby virtual servers and

464 views • 25 slides
IPv6 Deployment at Monash University John Mann Agenda IPv6 is Coming IPv6 is Already

IPv6 Deployment at Monash University John Mann Agenda IPv6 is Coming IPv6 is Already

IPv6 Deployment at Monash University John Mann Agenda IPv6 is Coming IPv6 is Already Here Monash IPv6 Progress Addressing End Systems Monitoring Network Address Usage Traffic Monitoring Problems IPv6 is Coming

779 views • 41 slides
Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA

Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA

Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA &lt;keiichi@iijlab.net&gt; IIJ Research Laboratory / WIDE project Contents IPv6 service in Japan How I live Example of IPv6 configuration Some news of IPv6

653 views • 16 slides
Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.121 / S-03 / N Beijar IPv6

Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.121 / S-03 / N Beijar IPv6

Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.121 / S-03 / N Beijar IPv6 addresses 128 bits long Written as eight 16-bit integers separated with colons E.g. 1080:0000:0000:0000:0000:0008:200C:417A =

617 views • 20 slides
IPv6 Deployment WG in IPv6 Promotion Council and its Deployment Guideline 2005.2.23 IPv6

IPv6 Deployment WG in IPv6 Promotion Council and its Deployment Guideline 2005.2.23 IPv6

IPv6 Deployment WG in IPv6 Promotion Council and its Deployment Guideline 2005.2.23 IPv6 Deployment WG Chair Takashi Arano (Intec NetCore, Inc.) IPv6 Deployment Guideline solves barriers for deployment I cant see IPv6s

319 views • 7 slides

More recommend